FIPS validation opens federal doors for pcAnywhere

A new cryptographic module included in the latest version of pcAnywhere has been certified to the Federal Information Processing Standard.

The module was developed to improve security for the tool that enables remote administration and access to desktop computers, said Mike Baldwin, product manager for Symantec Corp. of Cupertino, Calif.

It received validation for FIPS 140-2, Level 1, in December.

'This is a different approach to encryption for pcAnywhere,' Baldwin said.

Earlier versions of the tool used Microsoft's application programming interface for encryption, which did not allow the strongest algorithms to be used. The new module, included in version 11.5 released in November, uses the Advanced Encryption Standard algorithm with keys up to 256 bits long.

Government users are required to give preference to cryptographic tools that have achieved FIPS 140-2 certification when such a tool is available. But pcAnywhere already has a large customer base in military and civilian agencies.

'We're all over the place,' Baldwin said. There are some mobile users who use the tool for remote access to home office resources, but the majority of users are for help desks and service support centers.

Baldwin said Symantec found that FIPS is a growing issue with federal customers. The lack of a certification was a deal-breaker for some agencies, and for the rest, certification was an added value. So the decision was made to seek validation for the new module.

Australia, Canada and several European countries also recognize the FIPS standards for cryptographic modules. They also are being adopted in the private sector, including the financial-services industry.

Security Level 1 validation lets the software and firmware components of the module to be used on a general-purpose system using an operating system that has not been evaluated under FIPS without additional security.